Configuration Management and ISO 10007 (again)

B

Bonhomme

Hi, and sorry if I'm posting this in the wrong section, I saw multiple threads about CM everywhere.
Then, excuse my poor english, and lack of QMS / general industry knowledge. I’m a young french student in his first job (actually a 1 year part-time training course between school and my company)

As part of a checklist for the new EN9100 version, I'm studying Configuration Management, as a lack of Configuration Audits was clearly identified. I've read our CM procedure, ISO 10007, and several threads here and various other sources.

I still have lots of questions (ISO 10007 appeared especially confusing to me :()

First let me clarify my context : my company is in the electronics domain, assembling printed circuit boards and electronic components (both bought to all kind of suppliers) either to customer design (we only design the process), or to our own design according to customer specs (product design in another location, not totally in my scope). Depending of the electronic card/product and customer request, we also do some integration, up to final packaging. Customers range from diverse industrials to automotive/aeronautics direct suppliers

- Configuration items : what are they ? Parts/sub-assemblies ? Design documents (either product / process) like plans, BoM ... ?
If the latter, I understand how we could identify & manage such items, but I fail to see how to identify sub-assemblies of electronic cards directly made of components. These are way « simpler » than a motor or whatever, built of X sub-assemblies themselves built of X parts. So that configuration item thing is blurred to me.

-Configuration plans : I don’t get that either. Are we supposed, for each product, to make or state a « configuration plan » that will explain in detail how we will manage configuration ? Isn’t a CM procedure enough, as electronic cards are, regarding changes, simple products ? The CM process will be the same each time, and apparently customers don’t seem to have a problem with that

- Configuration audits : If I get it right, we have to make Physical and Functional audits, which in my eyes looks like the ISO 9001 requirements of verification (=built according to specs, "theoric") & validation (=works as desired, "practical")

How is that different from « plain » controls during different production stages (verifying the soldering paste height and correct soldering characteristics according to IPC standards, etc)
and a final functional test (ie the distress beacon, once integrated, is correctly emitting to the right frequencies, is floating, etc)
Considering the production/control documents in the manufacturing area are up to date (every work order has the product revision n° written, and every document has a corresponding revision n°)
it seems to me like we're complying with the requirements, as every product is built and controlled/tested according to the latest available specs, and any NC (wrong document n° …) is transmitted to the engineer in charge of CM

From what I’ve read here (mostly « don’t panic, you’re probably good already ») I think we’re indeed not that bad. The CM procedure & system guarantees every product and manufacturing process will be associated with technical files and uptodate specifications, associated with « sub-files » in the plant, and that every change will be implemented all the way to the work documents BEFORE a product is done

We also have a Change Committee and associated procedure, involving people of most fuctions (engineering, quality, planification, buyers …), assessing impacts according to requirements (data, recording, etc)
So I’d say we’re in good shape, except maybe we should have formal configuration audits planned (and maybe put "CM" name all over ? I'm sure everyone in the plant gets the importance of it, but without knowing its name)
Change control seems good, traceability is maintained, documentation is consistent at all levels and with the product made

But reading ISO 10007 makes me doubt (and gives me a headache :x) more than giving me firm beliefs.
Hope that wasn’t too long, I like it when people in forums show they at least tried before asking :x

I’d really appreciate any highlight/advice on this, even though people have already helped multiple times on the subject.

Thanks in advance
 

Stijloor

Leader
Super Moderator
Hi, and sorry if I'm posting this in the wrong section, I saw multiple threads about CM everywhere.
Then, excuse my poor English, and lack of QMS / general industry knowledge. I’m a young french student in his first job (actually a 1 year part-time training course between school and my company)

As part of a checklist for the new EN9100 version, I'm studying Configuration Management, as a lack of Configuration Audits was clearly identified. I've read our CM procedure, ISO 10007, and several threads here and various other sources.

I still have lots of questions (ISO 10007 appeared especially confusing to me :()

First let me clarify my context : my company is in the electronics domain, assembling printed circuit boards and electronic components (both bought to all kind of suppliers) either to customer design (we only design the process), or to our own design according to customer specs (product design in another location, not totally in my scope). Depending of the electronic card/product and customer request, we also do some integration, up to final packaging. Customers range from diverse industrials to automotive/aeronautics direct suppliers

- Configuration items : what are they ? Parts/sub-assemblies ? Design documents (either product / process) like plans, BoM ... ?
If the latter, I understand how we could identify & manage such items, but I fail to see how to identify sub-assemblies of electronic cards directly made of components. These are way « simpler » than a motor or whatever, built of X sub-assemblies themselves built of X parts. So that configuration item thing is blurred to me.

-Configuration plans : I don’t get that either. Are we supposed, for each product, to make or state a « configuration plan » that will explain in detail how we will manage configuration ? Isn’t a CM procedure enough, as electronic cards are, regarding changes, simple products ? The CM process will be the same each time, and apparently customers don’t seem to have a problem with that

- Configuration audits : If I get it right, we have to make Physical and Functional audits, which in my eyes looks like the ISO 9001 requirements of verification (=built according to specs, "theoric") & validation (=works as desired, "practical")

How is that different from « plain » controls during different production stages (verifying the soldering paste height and correct soldering characteristics according to IPC standards, etc)
and a final functional test (ie the distress beacon, once integrated, is correctly emitting to the right frequencies, is floating, etc)
Considering the production/control documents in the manufacturing area are up to date (every work order has the product revision n° written, and every document has a corresponding revision n°)
it seems to me like we're complying with the requirements, as every product is built and controlled/tested according to the latest available specs, and any NC (wrong document n° …) is transmitted to the engineer in charge of CM

From what I’ve read here (mostly « don’t panic, you’re probably good already ») I think we’re indeed not that bad. The CM procedure & system guarantees every product and manufacturing process will be associated with technical files and up to date specifications, associated with « sub-files » in the plant, and that every change will be implemented all the way to the work documents BEFORE a product is done

We also have a Change Committee and associated procedure, involving people of most functions (engineering, quality, planification, buyers …), assessing impacts according to requirements (data, recording, etc)
So I’d say we’re in good shape, except maybe we should have formal configuration audits planned (and maybe put "CM" name all over ? I'm sure everyone in the plant gets the importance of it, but without knowing its name)
Change control seems good, traceability is maintained, documentation is consistent at all levels and with the product made

But reading ISO 10007 makes me doubt (and gives me a headache :x) more than giving me firm beliefs.
Hope that wasn’t too long, I like it when people in forums show they at least tried before asking :x

I’d really appreciate any highlight/advice on this, even though people have already helped multiple times on the subject.

Thanks in advance

Can someone help?

Thank you!!

Stijloor.
 

dsanabria

Quite Involved in Discussions
Hi, and sorry if I'm posting this in the wrong section, I saw multiple threads about CM everywhere.
Then, excuse my poor english, and lack of QMS / general industry knowledge. I’m a young french student in his first job (actually a 1 year part-time training course between school and my company)

As part of a checklist for the new EN9100 version, I'm studying Configuration Management, as a lack of Configuration Audits was clearly identified. I've read our CM procedure, ISO 10007, and several threads here and various other sources.

I still have lots of questions (ISO 10007 appeared especially confusing to me :()

First let me clarify my context : my company is in the electronics domain, assembling printed circuit boards and electronic components (both bought to all kind of suppliers) either to customer design (we only design the process), or to our own design according to customer specs (product design in another location, not totally in my scope). Depending of the electronic card/product and customer request, we also do some integration, up to final packaging. Customers range from diverse industrials to automotive/aeronautics direct suppliers

- Configuration items : what are they ? Parts/sub-assemblies ? Design documents (either product / process) like plans, BoM ... ?
If the latter, I understand how we could identify & manage such items, but I fail to see how to identify sub-assemblies of electronic cards directly made of components. These are way « simpler » than a motor or whatever, built of X sub-assemblies themselves built of X parts. So that configuration item thing is blurred to me.

-Configuration plans : I don’t get that either. Are we supposed, for each product, to make or state a « configuration plan » that will explain in detail how we will manage configuration ? Isn’t a CM procedure enough, as electronic cards are, regarding changes, simple products ? The CM process will be the same each time, and apparently customers don’t seem to have a problem with that

- Configuration audits : If I get it right, we have to make Physical and Functional audits, which in my eyes looks like the ISO 9001 requirements of verification (=built according to specs, "theoric") & validation (=works as desired, "practical")

How is that different from « plain » controls during different production stages (verifying the soldering paste height and correct soldering characteristics according to IPC standards, etc)
and a final functional test (ie the distress beacon, once integrated, is correctly emitting to the right frequencies, is floating, etc)
Considering the production/control documents in the manufacturing area are up to date (every work order has the product revision n° written, and every document has a corresponding revision n°)
it seems to me like we're complying with the requirements, as every product is built and controlled/tested according to the latest available specs, and any NC (wrong document n° …) is transmitted to the engineer in charge of CM

From what I’ve read here (mostly « don’t panic, you’re probably good already ») I think we’re indeed not that bad. The CM procedure & system guarantees every product and manufacturing process will be associated with technical files and uptodate specifications, associated with « sub-files » in the plant, and that every change will be implemented all the way to the work documents BEFORE a product is done

We also have a Change Committee and associated procedure, involving people of most fuctions (engineering, quality, planification, buyers …), assessing impacts according to requirements (data, recording, etc)
So I’d say we’re in good shape, except maybe we should have formal configuration audits planned (and maybe put "CM" name all over ? I'm sure everyone in the plant gets the importance of it, but without knowing its name)
Change control seems good, traceability is maintained, documentation is consistent at all levels and with the product made

But reading ISO 10007 makes me doubt (and gives me a headache :x) more than giving me firm beliefs.
Hope that wasn’t too long, I like it when people in forums show they at least tried before asking :x

I’d really appreciate any highlight/advice on this, even though people have already helped multiple times on the subject.

Thanks in advance

1. Do you do Design & Development

2. You have many questions - which one do you need help understanding and applying.

3. Configuration Management is in section 7 so you could take an exclusion if it does not apply to your process.
 
B

Bonhomme

Hi

We sometimes design the product according to customer wishes (translating a functional need into an electronic card drawing), and we always design the processes to make/test these electronic cards.

So we need and have some sort of configuration management.

I guess all my questions could be pooled into one :

Is it possible to meet the CM requirements of EN9100 (7.1.3) while not following 100% of ISO 10007 guidelines, or would we have to find how to better stick to them ?

I'm pretty sure the CM system we already have is not bad, but if I read ISO 10007 correctly we still miss some things :
- Configuration items (or their formal identification)
- Formal configuration plan per product
- Configuration audits

For now, our system seems to work, and I'm not aware of any complaint from customers or auditors.
But that doesn't prove the system is good, does it ? It may only mean that we're either lucky, or not seeing its flaws. Or that problems haven't happened ... yet (aeronautics, 30+ years product life & records retention, etc etc)

Thanks
 

dsanabria

Quite Involved in Discussions
If customers have not complaint, and auditors have reviewed it - then it's probably effective. If you want additional information you could either attach the procedure for review or send it to me on a PM (Private message)
 
B

Bonhomme

Yeah, I suppose I'm thinking too hard.

My boss told me to look at some of the gaps we have regarding EN9100 (audit in january, first one with the new standard version)
He had filled the EN9101 audit grid to see where we are missing, and Configuration audits came up among other things.

Then I read ISO10007 and started doubting our whole CM process.

Sorry for the mess, I'll think tw... thrice before asking something stupid :nope:
 

Sidney Vianna

Post Responsibly
Leader
Admin
J

Jeff Frost

One question to first answer is based on your current system have you received internal or external complaints about configuration issues and does is meet the requirements of AS9100C. ISO 10007 is a reference only and not a requirement of AS9100. If you have not done so build a configuration management flow chart or model for your company and ask how do we meet the configuration requirements referenced in clause 7.1.e, 4.2.3, 7.5.1.2, 7.3.3, 7.3.7, 7.4, 7.5.3, 7.3.6.1 and 7.6 configuration note. Look at the risks in the current system and build from there based on your business model. Also because you are assembling printed circuit board you may find industry specific information in IPC specifications or applicable military/NATO documents.
 
B

Bonhomme

:applause: Thank you for your answers, I'll definitely make some sort of flowchart to better visualize the milestones and whether we cover the risks or not, rather than trying to stick our system over ISO 10007.

Also, that handbook will really help me on several topics, it'll avoid I come here asking dumb questions about risk management for example :notme:
 
Top Bottom